Of course, IPv6 (or the new IPv4) was supposed to take care of all of this — billions of billions of new IP addresses, hardened security built in from the start, and an elegant new architecture to replace all of IPv4’s hacks.

So what happened to IPv6?

Well, it has been a strange, long year…

The year began with fears over the “end of the Internet” (due to lack of IPv6 adoption) and ends this month with renewed IPv6 enthusiasm centered around the Olympics and a successful US government IPv6 mandate. In between these two extremes of IPv6 despair and enthusiasm, IPv6 generated a surge of news coverage (see graph below). At its peak this past June, print media around the world published nearly 3,000 articles a month on IPv6 (almost twice as much as the comparatively uninteresting IPv4).

Much of the recent coverage has focused on the summer Olympics this week. Chinese organizers have planned the summer Olympics game as a showcase for IPv6 technology. From a recent article, “… IPv6 will herald the arrival of China as a major center for technological and scientific advancement in a way that will overshadow its own unbeatable record as a world leader…”. Through China’s Next Generation Internet (CNGI) initiative, China has reportedly spent several billion dollars making sure they got a national IPv6 backbone right.

In the US, the recent government deadline for IPv6 compliance also generated a flurry of IPv6 activity: All major vendors publicly declared their IPv6 readiness. Popular press and industry magazines filed thousands of stories on IPv6. US Federal Departments officially declared success and the Internet IPv6-ready this past June 30th.

So has imminent collapse of the Internet has been avoided?

Is the Internet moving full steam ahead towards IPv6?

Maybe.

The truth is that as an industry we don’t have a good measure on the relative adoption success of IPv6 with respect to Internet traffic.

No idea really.

We do have some anecdotal measurements on IPv6 registry allocation and BGP announcements. But, very little data on actual IPv6 usage.

As our small effort to fill this gap, we spent much of the last year looking for IPv6 traffic in the Internet. In cooperation with the University of Michigan and close to 100 Internet providers, we leveraged commercial traffic probes across the world to measure inter-domain IPv6 traffic in the Internet. We believe this is the largest study of IPv6 and Internet traffic in general to date (by several orders of magnitude).

Our dataset covered 87 ISPs including one quarter of the tier1 ISPs and a sizable percentage of the regional / PTT providers in North America and EMEA. In all, we monitored 2,389 peering and backbone routers, 278,268 customer and peering interfaces, and an aggregate 15 exabytes of Internet inter-domain traffic at an average daily rate of 4 terabits per second (we spoke about some of this measurement infrastructure at a recent NANOG). We believe this gave us a pretty good view of overall IPv6 traffic trends in the Internet.

What did we find?

Not much. In fact, less than not much — very, very little.

The below shows the percentage of IPv6, both native and tunneled, as a percentage of all Internet traffic. At its peak, IPv6 represented less than one hundredth of 1% of Internet traffic. This is somewhat equivalent to the allowed parts of contaminants in drinking water (my household water comes from the Detroit river).

Now the above graph may not be completely fair since many of the ISPs do not have infrastructure to monitor native IPv6 (more about this later). But our numbers seem to agree with data from a variety of other sources on IPv6 adoption rates.

We are not the first to raise concern over the small amount of IPv6 traffic (see Geoff’s slides last month) — just the first to have Internet wide IPv6 traffic usage measurements.

And the lack of IPv6 traffic is not for lack of trying. Many organizations and individuals offer a range of lures to encourage IPv6 adoption. For example, the next generation research and education backbone in the US, Internet2, offers free transit for IPv6 traffic. And unlike IPv4, many large ISPs have very liberal IPv6 peering policies.

The single greatest lure? For ISPs or large multi-homed enterprises struggling to justify just one more tiny, little IPv4 /16 allocation, the minimum IPv6 allocation is /32 or a staggering 2^64 larger than the entire IPv4 Internet today.

But none of these efforts have been enough to generate any significant IPv6 traffic.

So, why so little IPv6 traffic?

Well, the biggest issue is money. Specifically, the department of commerce estimates it will cost $25 billion for ISPs to upgrade to native IPv6.

And this massive expense comes without the lure of additional revenue since IPv6 offers diminishingly few incentives nor new competitive features to attract or upsell customers. In many ways, IPv6 in the United States is much like the high definition television federal mandate (but without the mandate or the really crisp looking football games).

The harsh logic of the Metcalfe Effect also applies. With so few web sites and end users currently supporting IPv6, the incremental value to any single new IPv6 end site is limited. For many end users, v6 is an IP version all dressed up but with nowhere to go.

The third major issue is technical. While most vendors passed the OMB IPv6 requirements, it kind of depends on what you mean by “IPv6” and “requirement”.

For example, some backbone routers “support” IPv6 forwarding, but not in hardware (at least not at line rate). Or IPv6 “support” does not include ACLs nor other critical security features. An ICANN survey of security vendors found that less than one in three commercial firewalls support IPv6.

And even if your router supports IPv6, you might not be able to test or monitor it. Few vendors offer complete IPv6 SNMP / MIB support and even fewer support IPv6 Flow export (in fairness, V9 flow support is included on many Cisco cards today and Juniper has announced IPFIX support sometime in the next year). We blogged about many of these deployment issue earlier this year and Randy gave a presentation on the topic at a recent NANOG. The CAIDA and ARIN IPv6 Survey also has a nice summary on market / business forces limiting ISP IPv6 adoption.

Perhaps the biggest problem is that IPv4 works. And works well.

While IPv4 addresses are still relatively plentiful and cheap, ISPs and end customers have few incentives to migrate to IPv6. Some recent research even suggests IPv4 addresses may be more plentiful than previously believed. This tech report found that less than 4% of allocated addresses are actually occupied by visible end hosts. The authors concluded that most Internet space is likely, in fact, unused (though allocated).

All of this lack of IPv6 adoption has lead to quite a bit of hand wringing in the ISP technical community. While not declaring IPv6 a failure, discussions do wander into questions about “premature extinction of IPv6” or whether “IPv6 is an exercise in futility”.

Imminent Collapse

Predicting the imminent collapses of the Internet has a long and storied history over the last twenty years. But despite all of these predictions, the Internet has survived. Sure we crashed a few routers, announced some bogus routes, and dropped a few bits here and there. But the Internet survived — even grew a bit and gained some new users. I saw Bob Metcalfe eat a tie.

And the Internet will undoubtedly change and evolve past the impending IPv4 exhaustion.

But how?

Well, the questions is more about market forces than technology. IPv4 address allocations already have a minimal cost ($18,000 for ARIN large allocation). And growing registry management justification requirements and shrinking allocation size have steadily increased the overall cost of address space to ISPs over the last ten years. During the heady Internet technology bubble days, several companies made acquisitions in significant part based on the valuation of large legacy IP allocations.

Many think the price of IPv4 and scarcity will lead to open or if not sanctioned, black markets for address space. And debates continue whether an open market for IPv4 would be good or bad thing for Internet policy. Personally, I think an IPv4 market is inevitable.

The Future of IPv6

It is now clear the original optimistic IPv6 deployment plans have failed.

While the end of the Internet is not near, neither is IPv6. At the current rate of adoption, we are a decade or more away from pervasive adoption of dual stack support for IPv6. As Alain correctly notes in a recent IETF draft, “The IANA free pool of IPv4 addresses will be depleted soon, way before any significant IPv6 deployment will have occurred”.

So IPv6 adoption will take far longer and will look far different than most of us expected back in 1994 when the IAB announced the selection of IPv6. Clearly things need to change, including IETF and vendor exploration of other technologies to facilitate IPv6 adoption such as better NAT interoperability or lighter weight dual stack.

Still, despite some of the rather anemic IPv6 traffic statistics above, IPv6 is growing. The graph above shows the number of print media articles per month mentioning IPv6 and IPv4 in the first 30 words (source MetaNews). Note that IPv6 is running almost two to one against IPv4. If judged purely by public interest, IPv6 is a winning (by comparison, DNSSEC averages only 50 articles per month and barely peaked at 150 during the DNS crisis. BGPSEC fared even worse).

The below graph shows the aggregate average daily IPv6 (tunneled and native) traffic across 87 ISPs over the last year. Since July 2007, IPv6 traffic has grown by nearly a factor of 5 to an average of 100 Mbps per day. BGP tables show an even larger proportional growth. Though not a landslide of adoption, it is still something.

While it is easy to poke fun at predictions of the “Imminent Collapse of the Internet”, the eventual exhaustion of IPv4 allocations is real. We need to do something. And IPv6 is our best bet.

So, I’ll end with my top four predictions on IPv6 growth:

Islands are beautiful too.
IPv6 may succeed in the same way multicast failed. And by multicast failing, I really mean multicast succeeded. Though multicast never evolved a business model to justify its originally envisioned Internet wide inter-domain deployment, multicast has been astonishingly successful within the enterprise and ISP service infrastructure. Almost all Fortune 500 enterprises use multicast in some form to broadcast company video or update applications. Similarly, multicast is at the core of most ISP IPTV infrastructure.Like multicast, we are seeing rapid adoption of IPv6 within consumer, IPTV and 3G / 4G mobile providers for management of their internal infrastructure. You can pick your favorite market driver: 3G / 4G Mobile IP, Digital Radio, RFID, Control Networks, etc. But the numbers for globally unique end devices is staggering no matter which trend you choose.

For example, Comcast has migrated all of their internal control network to IPv6 with plans to manage 100 million cable modems.

Various estimates place number of network devices that will need to be managed at 12 billion by 2012. Note that these devices may not need global visibility, but providers will need to at least internally provision and manage (and RFC1918 space is not a reasonable option).

Market trumps technology. And politics trumps markets.
The future of the Internet is not fixed line devices. Nor is it users in the United States.The future of the Internet is likely both mobile devices and emerging Internet countries like China which reportedly surpassed the number of US web users at 253 million last month.While politics and government mandates do not always drive technology (see GOSIP or metric system in the United States), sometimes they do (see metric system in United Kingdom).

Throughout the world, government mandates are spurring IPv6 adoption. China’s CNGI initiative and billions in spending uses IPv6 as the centerpiece. Similarly, Japan, Korea all have major IPv6 initiatives. The EU called for mass migration to IPv6 by 2010.

The important bit to realize about governmental focus on IPv6 is that it is not about technology nor is it even really about IPv6. Many governments view IPv6 through the prism of politics. These countries, rightly or wrongly, view ICANN and the large US centric legacy IPv4 allocations as instruments of US control. For China, Japan and many EU nations, IPv6 is really about no less than who will control the future of the Internet.

IPv6 has already succeed.
You can now get native IPv6 from many providers, including Verizon, Tata (formerly VSNL/Teleglobe), Global Crossing and others. Over half of surveyed providers say they have plans to roll out commercial IPv6 offerings in the next year. As more vendors integrate IPv6 into their products lines, the ISP IPv6 tax has correspondingly dropped. For many, IPv6 comes with latest refresh of hardware which ISPs generally amortize over 5-8 year periods. While it will be many years before the millions of embedded end devices support IPv6, your backbone routers likely already do.Most encouraging of all, there is finally the beginning of real IPv6 content. Or at least you can now use IPv6 to search content (as long as the indexed content is IPv4). At the Philadelphia IETF this year, Google announced support for production quality IPv6 search at ipv6.google.com.

And the final reason IPv6 will succeed?
No one has the stomach to spend another twenty years replacing IPv6 with something else.

Personally though, I just configured our local router for IPv6 so I can watch Michael Phelps (former University of Michigan athlete) win eight golds this week at http://2001:252:0:1::2008:6.

Full disclosure — I worked on the failed TUBA counter-proposal to IPv6 and still harbor a grudge.

39 Responses to “The End is Near, but is IPv6?”

[…] according to the guys over at Abor Networks, less than 1% of all Internet traffic (via […]

August 18, 2008 at 10:15 pm, Level of IPv6 Usage is Vanishingly Small « 2ticks said:

[…] IPv6 (including here). A new study says that Internet IPv6 migration is not just going slowly â€” it has basically not even begun. After spending a year measuring IPv6 traffic across 87 ISPs around the world, the study concludes […]

In particular, right at the top: “they designed the IPv6 address space as an alternative to the IPv4 address space, rather than an extension to the IPv4 address space.”

DJB strikes again.

August 18, 2008 at 8:48 pm, Donavan Pantke said:

One of the primary drivers of IPv6 going forward will be enterprises. Most current enterprises are heavy users of NAT/PAT technologies. The pain and suffering that large-scale NAT/PAT solutions cause to both network operators and end users will be a huge push for IPv6 technology, even if it is just for internal communications systems. Currently where I work there are 2 forces that are keeping us from fully implementing dual-stack: device support and upstream provider solutions. Many devices can accept IPv6 packets, but many device applications won’t accept connections, and others won’t forward IPv6 yet. (It’s simply mind boggling that a device manufacturer can route, manipulate, and track IPv6 traffic, but you can’t send it SNMP over IPv6 transport. Tier 1 vendors have also done a horrible job of detailing how an enterprise can peer with them using IPv6, tunnel or no tunnel. Solutions may exist, but I’d never know it. A lot of carriers think that since there’s a federal mandate, only federal customers would be interested in it, so some decided to only do something for the federal space. Just plain silly. I would like to plug Sprint, though. They provided a workable solution very early on, and are working on deploying on a larger scale. Even if I don’t send tons of traffic down it, it enables me to get my foot in the door.

August 19, 2008 at 2:27 am, irldexter said:

@Donavan Pantke NAT/Tunnelling/apps etc and incentives are the biggies… main confusion and adoption is explained in video here http://tinyurl.com/2afeqc which is essentially the Google IPv6 2008 conference e.g. Google Video search “ipv6 “Google Tech Talks” duration:long” and the most insightful vid is the panel discussion labelled ‘Google IPv6 Conference 2008: What will the IPv6 Internet’.. well worth a look in!

August 18, 2008 at 11:58 pm, DW said:

The cable modem example notwithstanding, what problem does ipv6 solve that rfc 1918 space doesn’t? My customers want to hit web servers and mail servers that have ipv4 addresses. And did they really need to have a single flat address space for every cable modem? Do they need to reach each other? NAT means issues with lots of IP protocols, but I wouldn’t remove my NAT firewall even if you took away my v4 addresses tomorrow. I’m just not getting it. Like the guy said above, DJB had their number years ago.

You wrote “The below graph shows the aggregate average daily IPv6 (tunneled and native)” while full technical IPv6 report “Tracking the IPv6 Migration” says “the total amount of inter-domain IPv6 traffic that is tunneled over IPv4”. Are you using difference source of information from the technical report for the graph above ?

IPv6 deployment is slow because the problem it solves hasn’t yet been felt… As long as there is available of IPv4 space for ISP growth, there is no reason to incur the significant costs of rolling out large-scale IPv6 connectivity solutions. We’ve failed to provide a significant benefit in functionality for IPv6, and hence the deployment incentives are “all stick, no carrot”. See RFC1669 for a decade-old forecast about how difficult this makes the transition.

There is, however, something that we all can do which doesn’t take a lot of effort, provides some practical experience, and aids others in the transition: IPv6 enable your public-facing services (such as web sites and mail servers). You’ll note that the public websites of both ServerVault (my day job) and ARIN (my preoccupation) have IPv6 addresses, and it really isn’t that hard. I look forward to seeing similar records for arbornetworks.com… 🙂

/John

August 19, 2008 at 7:15 am, Sean Doran said:

“This is somewhat equivalent to the allowed parts of contaminants in drinking water (my household water comes from the Detroit river).”

Bravo!

However, “politics trumps markets” does not appear to be true, or the political types of I* would surely have won the rubber by now. Be careful of your analysis of SI adoption too; it has always had some clear benefits in industries with large logistics networks, even in the USA, and finds use even in cases where the “UNI” is typically in non-SI units.

Decoupling the UNI from the NNI (and not requiring the same NNI at every gateway in the catenet) is workable if the users of higher layer protocols can expect to survive a partition that invalidates some (or all) of the network layer address 2-tuples of the communicating parties.

There are still too many applications expecting locally determined network layer addresses (LDNLA) to have universal, permanent meaning (i.e., no topological movement, no reuse, and the expectation that one can snailmail a LDNLA address to the Congo and expect “telnet [that address] 25” to connect the snailmail recipient to the desired MTA).

TUBA, sadly, did not really solve these problems either, but at least it had a more flexible understanding of AFs than SIP. (FWIW, the catnip partisans did not deeply explore the transient/reused/horizoned NLA problem either. Sadly the only strategy that addressed the issue directly were the ROLC-BISDN-ATM-to-the-desktop ideas for maintaining an essentially static global IP topology (with dynamism underneath)).

Your (3) is not so much a prediction as a statement of reality: if you are simply forwarding datagrams, IPv6 is not so difficult. The header overhead looks pretty attractive to a supplier in a market where contracts are usually done on the basis of $/Mbps/month. Yes, please encourage your students to use IPv6 for their bulk transfers! On the other hand, things break, and supporting sets of users who have one or the other protocol stack, or who are dual stacked, is a bit trickier, and harder to derive revenue from.

(4) and (1) should merge. It was foolish to pursue a deployment strategy that required any non-local coordination at all. At a topological distance, nobody should know or care about what your local island’s inter-network protocol is, any more than they should know or care about whether your LAN and WAN protocols are 802.5, 802.11, 802.17, or PPP.

An inter-network layer facilitates the hiding of information about underlying network protocols. An internetwork-layer gateway essentially manages information about tree-like topologies rooted on the gateway itself (“router” with Canadian vowels is an unavoidable pun). BGP4 gateways facilitate the hiding of branch information, using aggregation and summarization. NATs facilitate the hiding of leaf information as well. CATNIP’s idea was that a gateway may facilitate the hiding of information about what AF(s) are in use, essentially presenting nonlocal topology as a locally-suitable tree like structure rooted on the gateway. “Abstraction good, global exposure and global coordination IPv6”.

IPV6 has plenty of it’s own problems. With oversized headers, it’s entirely inappropriate for voice-over-IP. It does enlarge the address space, but the other problems it ‘solves’ are the non-problems that tenured academics and their graduate students fill conference proceedings about every year.

[…] Internet End is Near – I’m waiting until we see people wearing signs crying, “The Internet End is Near! IPv6 Now!” Right now it’s still a dream. In the mean time Arbor Networks offers some great analysis on the failure of IPv6 to take hold. I think too many of us still have thoughts of chicken little crying “Y2K, Y2K” in the back of our minds. […]

August 19, 2008 at 4:32 pm, David Green said:

I hate to tell you craig, but the olympic video offered at the site http://2001:252:0:1::2008:6 is IPv4-only. The webserver front end at http://2001:252:0:1::2008:6 is IPv6, but the video is being served from an IPv4-only video file server. Iâ€™ve asked Liu Dong of BII if they are using IPv6 IPTV anywhere else and am waiting to hearâ€¦

One reason there is so little IPv6 traffic is that on many networks is that,even though IPv6 or IPv6 tunneling is active, so few DNS servers at the edge serve up IPv6 AAAA records. To observe this, plug in a Sprint or Verizon aircard into Ms Vista and run ‘ipconfig’ to see that you have IPv6 running – generally 6to4.

Another way to drive up IPv6 usage to a majority of your enterprise network is to proxy the IPv4 WWW to IPv6 via SOCKS caching proxy (Try Squid). There is very little content on IPv6 webservers today.

[…] of 1 percent of Internet traffic” over the past year, Arbor Networks’ Craig Labovitz wrote in a summary of the findings, adding wryly: “This is somewhat equivalent to the allowed parts of contaminants in drinking […]

The impending IPv4 address allocation shortage has led to a lot of speculation on the future of IPv6. However, a new study says that Internet IPv6 migration is not just going slowly â€” it has basically not even begun. After spending a year measuring I…

Excellent and insightful article. I share your “Full disclosure” Not only did I work on the failed TUBA counter-proposal to IPv6, but I wrote many of the RFCs. My harbored grudge is simultaneously assuaged and outraged when I take note of what a dreadful job the inventors of what is now IPv6 have done in stewarding their proposal through deployment.

The lesson here: goals in any “successor protocol” plan should include more than simply preventing the alternative.

I’m not sure in what context you meant this, but if you are simply referring to an enterprise being able to purchase an MPLS-based RFC2547 IP-VPN with dual-stack IPv4/IPv6 capability, GLobal Crossing has supported this for a couple of years now. However, unlike our dual-stack Internet Access product, not a single customer has requested the capability be activated on their private IP-VPN service.

[…] study of IPv6 traffic on the Internet. Craig Labovitiz, Arbor Networks chief scientist, stated that only 900 days were left until the end of the Internet, or at least the exhaustion of IPv4 registry allocations. For the past year, the study shows very […]

You wrote : ” IPv6 in the United States is much like the high definition television federal mandate . . .”

There is NO federal mandate for HD TV in the US.
There IS a mandate to move to digital transmission and drop analog transmission.

The bandwidth of digital television transmission can be carved up by the broadcaster into standard def and / or high def channels. A broadcaster can choose not to transmit HD at all, and only transmit SD, as long as it is digital. That particular decision is not a good business decision, but it isn’t a technical one, or a decision forced by the government.

IPv6 has had its share of knocks due to mis-information and misunderstanding. Please do not do the same to the change over to digital television transmission.

[…] efforts haven’t done much to actually get a sizable proportion of Internet traffic on IPv6. A recent study reported by Arbor Networks Security found only 0.002% of all Internet traffic used IPv6, and that […]

[…] teh use of IPv6 from the data reported by Arbor in September 2008. Arbor Networks released a study The End is Near, but is IPv6? which says the adoption of IPv6 has been very slow thus far. The network security vendor produced […]

Subscribe to this blog

First Name*

Last Name*

Company*

Email*

Comments

This field is for validation purposes and should be left unchanged.

Asert

Arbor’s Security Engineering & Response Team (ASERT) delivers world-class network security research and analysis for the benefit of today’s enterprise and network operators. ASERT engineers and researchers are part of an elite group of institutions that are referred to as ‘super remediators’ and represent the best in information security. ASERT has both visibility and remediation capabilities at nearly every tier one operator and a majority of service provider networks globally.

ASERT shares operationally viable intelligence with hundreds of international Computer Emergency Response Teams (CERTs) and with thousands of network operators via in-band security content feeds. ASERT also operates the world’s largest distributed honeynet, actively monitoring Internet threats around the clock and around the globe.

Arbor Networks has collaborated with Jigsaw (formerly Google Ideas) to create a data visualization that shows how Distributed Denial of Service (DDoS) attacks have become a global problem. The data is updated daily from Arbor’s global network of sensors and can be viewed at www.digitalattackmap.com